Detection of attacks in Internet of Things networks using machine learning methods

Abstract

The increase in the volume of digital data generated, in particular, by smart devices of the Internet of Things, has made research related to the application of machine learning methods to detect anomalies in network traffic - the presence of network attacks - relevant. For this purpose, the article proposes a unified approach to detecting attacks at various levels of the Internet of Things network architecture, based on machine learning methods. The article investigates that at the level of a wireless sensor network, the detection of an attack is related to the detection of anomalous behavior of an Internet of Things device, in which the deviation of the behavior of an Internet of Things device from its profile can be considered as a compromise of the device. Building profiles of smart IoT devices is based on statistical characteristics, such as the intensity and duration of packet transmission, the proportion of relayed packets, etc. It has been studied that at the level of a local or global wired network of the Internet of Things, data aggregation takes place, the analysis of which is also performed by machine learning methods. Trained classifiers can become part of a network attack detection system that makes decisions about node compromise "on the fly". Models of network attack classifiers at the level of a wireless sensor network, and at the level of a local or global wired network are experimentally selected. The best results in terms of completeness and accuracy estimates are demonstrated by the random forest method for a wired local and (or) global network and by all considered methods for a wireless sensor network. Practical significance: the proposed classifier models can be used in the design of attack detection systems in Internet of Things networks.